A dirty dozen of Bluetooth bugs threaten to reboot, freeze, or hack your trendy gizmos from close range

    • #41145
      Telegram SmartBoT
      Moderator
        @tgsmartbot

        #News(Security) [ via IoTGroup ]


        Over the air? More like over the aarrrggghhh


        A trio of boffins at Singapore University this week disclosed 12 security vulnerabilities affecting the Bluetooth Low Energy (BLE) SDKs offered by seven system-on-a-chip (SoC) vendors.
        The flaws, collectively dubbed SWEYNTOOTH (because every bug has to have its own name these days), allow a suitably skilled attacker to crash or deadlock BLE devices, or to bypass pairing security to gain arbitrary read and write access to device functions.
        “SWEYNTOOTH potentially affects IoT products in appliances such as smart-homes, wearables and environmental tracking or sensing,” explain Matheus E. Garbelini, Sudipta Chattopadhyay, and Chundong Wang, in a research paper [PDF] describing the BLE bugs.
        “We have also identified several medical and logistics products that could be affected.”
        The SDKs at issue come from Texas Instruments, NXP, Cypress, Dialog Semiconductors, Microchip, STMicroelectronics and Telink Semiconductor; they support BLE versions 4.1, 4.2, 5.0, and 5.1.
        Vulnerability                | CVE(s)         | Vendor
        Link Layer Length Overflow   | CVE-2019-16336 | NXP
        Truncated L2CAP              | CVE-2019-17517 | Dialog
        Silent Length Overflow       | CVE-2019-17518 | Dialog
        Public Key Crash             | CVE-2019-17520 | Texas Instruments
        Invalid Connection Request   | CVE-2019-19193 | Texas Instruments
        Invalid L2CAP Fragment       | CVE-2019-19195 | Microchip
        Sequential ATT Deadlock      | CVE-2019-19192 | STMicroelectronics
        Key Size Overflow            | CVE-2019-19196 | Telink
        Zero LTK Installation        | CVE-2019-19194 | Telink
        The researchers say they followed responsible disclosure practices by notifying as many affected vendors as they could and patches have been made available in some cases.
        About 480 products use the affected SoCs though not all are necessarily affected.
        Garbelini, Chattopadhyay, and Wang voiced concern about the potential impact on medical products

